The perimeter is dead — but businesses haven't noticed
The Zscaler “The Ripple Effect” report surveyed 1,750 IT leaders across 14 countries and the findings are stark: 61% admit their resilience strategies remain too inward-focused, 60% experienced significant failures caused by suppliers, and 81% acknowledge critical dependency on legacy systems that were never designed for today's threat landscape.
The WEF Global Cybersecurity Outlook 2026 paints a similar picture: 65% of large enterprises now identify third-party vulnerabilities as their top challenge, up from 54% in 2025. The traditional corporate perimeter — the firewall at the network edge — simply cannot address risks that originate outside the organisation's walls.
The question is no longer whether to rethink perimeter security, but how quickly your organisation can adapt. A good starting point is understanding the full scope of modern cybersecurity.
The new perimeter is identity
Remote work, cloud adoption and suppliers accessing corporate resources via VPN have rendered the classic inside/outside distinction meaningless. Data is now distributed across on-premise data centres and multi-cloud environments, accessed from personal devices, home networks and third-party systems.
Zero Trust flips the paradigm: never trust the network, verify every user, every device, every access. User identity becomes the real control point — not the network perimeter. Authentication, authorisation and continuous validation replace the assumption that anything inside the firewall is safe.
A firewall at the network edge is no longer enough: you need to protect every endpoint, every session, every identity. Security must follow the user, not the network boundary.
Supply chain: the risk you don't control
According to the Zscaler report, 68% of organisations rely increasingly on third parties, yet fewer than 50% have updated their resilience strategy accordingly. 60% experienced significant supplier-caused failures in the past year.
Only 54% of organisations have cyber insurance that covers third-party compromises. Meanwhile, the NIS2 Directive explicitly requires supply chain risk management, making this not just a best practice but a legal obligation for many European businesses.
AI and quantum: emerging risks
70% of organisations lack visibility into shadow AI usage within their workforce. 50% have deployed AI tools without governance frameworks in place, and 57% haven't yet incorporated post-quantum cryptography into their security roadmap.
The AI adoption curve is outpacing protective measures. Businesses are deploying AI-powered tools faster than they can assess the associated risks — from data leakage through unvetted LLMs to adversarial attacks that exploit AI-driven decision-making. Proactive governance is essential.
What to do: five concrete steps
1. Measure your security posture — start with a free NIST CSF 2.0 assessment to understand where you stand.
2. Protect every endpoint — move beyond traditional antivirus to EDR/XDR solutions that detect and respond to threats in real time.
3. Test your defences — run periodic vulnerability assessments and penetration tests to find weaknesses before attackers do.
4. Train your people — users are the new perimeter. Invest in security awareness programmes that turn employees into your first line of defence.
5. Segment and control access — adopt Zero Trust principles and use next-generation firewalls for network segmentation, not just perimeter defence.